False
Although a useful form of protection it does not block or prevent other forms of cybercrime involving for example social engineering techniques.
Answers to our Fact or Fiction section in the newsletter
March 2025
FalseEncrypting data makes it completely secure against all cyber threats.
While encryption significantly enhances data security by making it unreadable without the correct decryption key, it does not protect against all threats, such as user error or device compromise.
FalseAll data breaches are the result of cyber-attacks.
Not all data breaches are due to cyber-attacks. Many breaches occur due to human error, such as misconfiguration of databases, improper disposal of documents, or inadvertently sending sensitive information to the wrong recipient.
FalseMulti-factor authentication (MFA) offers no real security benefits over using a strong password.
Two-factor authentication significantly enhances account security by requiring a second form of verification in addition to a password. This makes unauthorised access much harder, even if the password is compromised.
December 2024
FalseIt's safe to click on links in holiday greeting emails from known senders.
Even if emails appear to be from known senders, their accounts may have been compromised. Cybercriminals often exploit the holiday season to send phishing emails that mimic holiday greetings, aiming to steal personal information or infect your device with malware.
FalseBuying Christmas presents from a website that doesn't have HTTPS is okay if the deals are great.
It's crucial to use websites with HTTPS when making any purchase online, especially during the holiday season when online shopping spikes. HTTPS encrypts the data between your browser and the website, reducing the risk of data theft. Without HTTPS, any data transferred, including credit card information and personal details, is vulnerable to interception.
FalseIt's safe to use the same password for all online retailers to make purchases quicker.
Using the same password across multiple accounts increases the risk of multiple accounts being compromised if one gets breached. It's essential to use strong, unique passwords for each account, particularly during the holiday season when online shopping is prevalent. Consider using a password manager to keep track of different passwords.
September 2024
The only tool you need to prevent being compromised through cybercrime is anti-virus software.
Cyber fraud is very difficult to achieve?
False
Although some scams can be viewed as sophisticated, the majority of successful scams are down to routine phishing emails and people clicking on links.
You should be wary of all email attachments, even if you know the sender.
True
The sender of the email may have had their account compromised, and the attacker is emailing you an attachment from their account.
March 2024
You should always wait six months before installing a mobile phone update in case it's full of bugs.
False
Updates should be installed as soon as possible to protect from known vulnerabilities and exploits.
Cyber criminals only target large companies with plenty of money.
False
Any company and any individual can be subject to a cyber attack.
The best way to create a strong password is to use three random words.
True
Length is key here. However, do not use a well-known phrase. For example flowerofscotland is a 16 character password, but is not secure to use as it is easy to guess.
October 2023
Mobile phone apps do not need updating regularly
False
Mobile phone apps can be vulnerable to cyber attack and should always be updated to the latest version.
Hackers only target people with large bank accounts
False
Anyone can be a target of a cyber criminal regardless of how much money they have.
The University Information Security Policy applies to all users
True
The policy covers anyone accessing University services.
December 2021
Cyber Security doesn’t apply to me because I’m not in the Government or Healthcare industry.
False
All industries and organisations can and are targeted.
Enabling two factor authentication and using a strong, unique password helps to keep your social media accounts secure
True
Multi-Factor Authentication is a commonly used and valuable security tool. You are given access to an account after providing two or more pieces of information; something you are, something you have or something you know. For example, a username, password and code sent to your device. Passwords should be complex and unique.
It is perfectly safe to install a USB stick I found on the bus
False
Cyber criminals can plant USB sticks with the intention of spreading malware. When plugged in they can compromise devices and potentially wider network systems. You are advised to never use a USB stick you find or is second hand, and has not been fully wiped by a University team.
August 2021
Mobile phones do not need to run anti-virus software
False
Viruses exist for mobile phones and can infect and compromise. You should install an anti-virus app and keep it updated.
I don't handle personal data so I am of no interest to cyber criminals
False
We all have personal data about ourselves and most likely family and friends which is of interest to criminals. Our laptop, phone or other device if compromised can be used as a route into the University network. Anyone can be a target
Social engineering is one of the biggest threats we face
True
Social engineering is the manipulation of the natural human tendency to trust. Social engineers use deception to encourage individuals into divulging personal information and data which can then be used for fradulent purposes. An attack can start with a phishing email, a text, a phone call, even an arranged meeting in the street. Cyber criminals know about social engineering and are expert in its use.
May 2021
Mobile phone apps can share data with other apps.
True
It's important to be aware of what you install and give permission to when accepting the terms and conditions for mobile apps.
Wi-Fi enabled slow cookers are now available to purchase.
True
Today it's difficult to name a household object that isn't available with a wi-fi option and app. As with your laptop and phone the security of these should be kept under regular review.
It's perfectly okay to plug in a USB stick found in a carpark.
False
The USB stick could easily be setup to infect your computer, setting up a backdoor connection for further compromise. It's an attack vector that is used by cyber criminals when attempting to infiltrate an organisation.
February 2021
All phishing emails contain a link or an attachment to click on.
False
Phishing attempts can range in format: initial contact can be a plain text email with no attachments or links, to lure the victim into a dialogue.
Cyber security at the University is the responsibility of everyone.
True
Our information security is dependent on the safety and good practice of all of our members.
Password Managers are only useful to people with sensitive data.
False
Password managers benefit every internet or account user, as we all tend to have a great number of complex passwords to remember, which should not be written down. We all hold personal info about ourselves and family that can be of great value to criminals. Your data is important and should be kept secure. Our University uses a password manager called LastPass
November 2020
The first incidence of Ransomware dates from 1989
True
The AIDS Trojan mailed out on a five and a quarter inch floppy disk is the first recorded case of Ransomware
According to Microsoft 50% of compromises against organisations start with an email
False
The latest from Microsoft is a staggering 90% of compromises start with an email
Hackers compromised a Las Vegas Casino by breaking in via an Internet connected fish tank
True
The company Darktrace worked on an incident in 2018 where a casino was hacked via a thermometer in a lobby aquarium
August 2020
Word documents can contain computer viruses
Ransomware is the most common form of malware in the world today
True
We deliver an awareness session that explains what ransomware is, and how to protect against it. Find out when the next session will be and how to book, at MyEd.
More compromises against organisations begin with a phishing email than from any other threat
This article was published on